The Department of Homeland Security (DHS) improved its performance on the department’s FISMA (Federal Information Security Modernization Act) audit, going from Level 3 in Fiscal Year 2017 to Level 4 in FY2018, an agency inspector general’s report issued this month shows.
The audit shows that DHS’ cyber defenses are solid across the board, with the department receiving a Level 4 on four of the five functions of the NIST Cybersecurity Framework. At Level 4, DHS managed to reach the threshold for “effective.”
“We attributed DHS’ progress to improvements in information security risk, configuration management practices, continuous monitoring, and more effective security training,” the inspector general report states.
The main areas of improvement for DHS were in the protect and detect functions, which both saw improvements from FY2017. While some gaps still exist in DHS implementation of its security policies, the department has “made overall progress” in its posture, the IG said.
The audit makes several recommendations for DHS, including requirements to mitigate security weaknesses for components, notify stakeholders of non-PII-related major incidents, and implement controls to make sure cyber data is accurate and complete, all of which DHS agreed with, resolved, and closed.